Confidential Data Leak: 90% Say It’s Happened to Them

If your small law firm had been hacked or leaked confidential data, what are the consequences to you? According to a September 2014 study by the Ponemon Institute, 90% of American businesses have experienced a leakage or loss of sensitive or confidential documents within the prior 12 months. Moreover, an average 31% of businesses’ confidential documents have been leaked, whether intentionally or inadvertently.

The security that it requires to adequately safeguard your—and your clients’—confidential information is an unfamiliar area to most small businesses, including small law firms. Most assume that the programs you subscribe to are inherently safe, but the truth is that most popular software is not built to the especially high standards for the legal industry. Your bank would never send documents to you via Dropbox, nor should any law firm pass information to partners or clients in this way. Can you explain why?

The American Bar Association in 2012 adjusted its ethics requirements to emphasize that attorneys must educate themselves on the modern technology necessary to protect sensitive information and serve clients to the best of your ability. If a document or a bit of information leaks, your firm could be accountable.

There are specific technology standards recommended for the financial and legal industries, and that are currently the tightest security levels available for data stored or transferred online. In a simple evaluation of cloud computing and SaaS software, Thomson Reuters shares many of these details. Within this simple read is a quick-hit list of recommended standards that should be familiar to every attorney who is considering an online software product. For example, encryption is recommended during “data transport,” whether upload or download—including simple “saving”—of information.

90% of businesses surveyed know they have leaked information. The study did not investigate how many businesses, of the remaining 10%, have had a leak and do not even know. Lack of familiarity with your technology is no excuse when a malpractice suit looms, or when a small law firm’s data integrity is in question. A review of your current online software programs is a good place to start—and don’t be afraid to contact a provider to ask for details. And if to date you have assumed that your data is safe, take a note from the 90% of businesses that say they have discovered a confidential data leak over the previous year.